Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 3, 2026, 4 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
2561 9.9 緊急
Network 		The Kyverno Authors Kyverno The Kyverno AuthorsのKyvernoにおける複数の脆弱性 CWE-269
CWE-918
CVE-2026-22039 2026-02-4 18:36 2026-01-27 Show GitHub Exploit DB Packet Storm
2562 5.4 警告
Network 		charm soft serve charmのsoft serveにおける不正な認証に関する脆弱性 CWE-863
不正な認証 		CVE-2026-22253 2026-02-4 18:36 2026-01-8 Show GitHub Exploit DB Packet Storm
2563 6.5 警告
Network 		Spree Commerce Spree Spree CommerceのSpreeにおけるユーザ制御の鍵による認証回避に関する脆弱性 CWE-639
ユーザ制御の鍵による認証回避 		CVE-2026-22588 2026-02-4 18:36 2026-01-8 Show GitHub Exploit DB Packet Storm
2564 5.4 警告
Network 		cvat cvat cvatにおける複数の脆弱性 CWE-79
CWE-83
CVE-2026-23516 2026-02-4 18:36 2026-01-21 Show GitHub Exploit DB Packet Storm
2565 5.4 警告
Network 		OpenProject OpenProject OpenProjectにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-23625 2026-02-4 18:36 2026-01-19 Show GitHub Exploit DB Packet Storm
2566 6.5 警告
Network 		OpenProject OpenProject OpenProjectにおける誤ったセッションへのデータ要素の漏えいに関する脆弱性 CWE-488
誤ったセッションへのデータ要素の漏えい 		CVE-2026-23646 2026-02-4 18:36 2026-01-19 Show GitHub Exploit DB Packet Storm
2567 4.3 警告
Network 		OpenProject OpenProject OpenProjectにおける認証の欠如に関する脆弱性 CWE-862
認証の欠如 		CVE-2026-23721 2026-02-4 18:36 2026-01-19 Show GitHub Exploit DB Packet Storm
2568 5.3 警告
Network 		Linux Foundation rekor Linux FoundationのrekorにおけるNULL ポインタデリファレンスに関する脆弱性 CWE-476
NULL ポインタデリファレンス 		CVE-2026-23831 2026-02-4 18:36 2026-01-22 Show GitHub Exploit DB Packet Storm
2569 6.1 警告
Network 		Lee Peuker Movary Lee PeukerのMovaryにおける複数の脆弱性 CWE-20
CWE-79
CVE-2026-23841 2026-02-4 18:36 2026-01-19 Show GitHub Exploit DB Packet Storm
2570 6.5 警告
Network 		The Kyverno Authors Kyverno The Kyverno AuthorsのKyvernoにおける制限またはスロットリング無しのリソースの割り当てに関する脆弱性 CWE-770
制限またはスロットリング無しのリソースの割り当て 		CVE-2026-23881 2026-02-4 18:36 2026-01-27 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 3, 2026, 4:06 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
131 8.4 HIGH
Local 		- - OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elf_loader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF h… New CWE-190
 Integer Overflow or Wraparound 		CVE-2026-37540 2026-05-2 03:16 2026-05-2 Show GitHub Exploit DB Packet Storm
132 9.8 CRITICAL
Network 		- - Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of… New CWE-121
Stack-based Buffer Overflow 		CVE-2026-37539 2026-05-2 03:16 2026-05-2 Show GitHub Exploit DB Packet Storm
133 - - - An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) … New - CVE-2026-37457 2026-05-2 03:16 2026-05-2 Show GitHub Exploit DB Packet Storm
134 4.4 MEDIUM
Local 		- - An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-level dtrace attaches to -- or instruments -- that process (via… New - CVE-2026-35233 2026-05-2 03:16 2026-05-2 Show GitHub Exploit DB Packet Storm
135 - - - A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request. New - CVE-2026-26461 2026-05-2 03:16 2026-05-2 Show GitHub Exploit DB Packet Storm
136 4.3 MEDIUM
Network 		- - Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigg… New CWE-940
 Improper Verification of Source of a Communication Channel 		CVE-2026-23866 2026-05-2 03:16 2026-05-2 Show GitHub Exploit DB Packet Storm
137 6.5 MEDIUM
Network 		- - An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the a… New CWE-158
 Improper Neutralization of Null Byte or NUL Character 		CVE-2026-23863 2026-05-2 03:16 2026-05-2 Show GitHub Exploit DB Packet Storm
138 9.6 CRITICAL
Network 		- - A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the proce… New CWE-416
 Use After Free 		CVE-2026-22166 2026-05-2 03:16 2026-05-2 Show GitHub Exploit DB Packet Storm
139 3.3 LOW
Local 		- - An unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in Pbuild_file_symtab() New - CVE-2026-21996 2026-05-2 03:16 2026-05-2 Show GitHub Exploit DB Packet Storm
140 - - - Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The `msg` parameter in the `/painel/gateways.php/error` endpoint does not properly sanitize user-suppli… New - CVE-2025-69606 2026-05-2 03:16 2026-05-2 Show GitHub Exploit DB Packet Storm